Take the pledge to vote

Thank you for taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618

WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text

The data is reportedly offline now, but had previously left login credentials and geolocations of many private Wi-Fi networks online, without encryption.

WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text (Getty Images)

Loading...

A popular public Wi-Fi hotspot finder application had left its database of Wi-Fi network credentials, including geolocation and login credentials, connected to the internet, and without any form of protection. The issue, spotted by security researcher Sanyam Jain and reported by TechCrunch, has been seemingly resolved since brought to light, and the database host has taken down all the data in a bid to prevent a potential cyber catastrophe.

However, the latest incident marks a series of similar lapses in reasonable cyber security steps that are expected of services, with databases left online without any form of encryption, or even a password. The app in question is meant for sharing public Wi-Fi hotspots while users connect to it, and automatically uploads such passwords to an online database. However, while uploading public network credentials, the app also uploaded a large set of private network data, complete with login credentials and geolocation details to the server.

To make things worse, all of this, along with each network’s BSSID (basic service set identifier), which can be used to identify and track down a network, was uploaded online and stored in plain text, making it available for anyone to read. The security implications are ominous, for any user with malicious intent can tap into the data, modify router settings and redirect users into genuine-looking sites ridden with all forms of malware, which could in turn lead into phishing or ransomware attacks.

Thankfully, there were no private contact details included within the database. This marks yet another close shave in terms of severe personal data damage, and another win for white hat cyber security researchers in the endless saga of cyber warfare.(Get detailed and live results of each and every seat in the Lok Sabha elections and state Assembly elections in Andhra Pradesh, Odisha, Arunachal Pradesh and Sikkim to know which candidate/party is leading or trailing and to know who has won and who has lost and by what margin. Our one-of-its-kind Election Analytics Centre lets you don a psephologist’s hat and turn into an election expert. Know interesting facts and trivia about the elections and see our informative graphics. Elections = News18)